Very long filenames?

Anthony Peacock a.peacock at
Fri Jun 29 16:27:53 IST 2007

Ken Goods wrote:
> I received this notification this morning. 
> Subject: Re: 
> MessageID: l5TDre77020228
> Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228
> Report: MailScanner: Very long filenames are good signs of attacks against
> Microsoft e-mail packages (TCA2AR759CAY3E.jpg)
> I was just wondering how long is a *long* filename? This doesn't appear to
> be excessive as we commonly get Word documents that are much longer. I
> looked around but couldn't find the upper limit that triggers this rule.

In my config (filename.rules.conf) this is set as anything over 150 

MailScanner does some sanity editing of the filename before inserting it 
into the report, so the filename reported may not be exactly the same as 
the original filename.

Anthony Peacock
CHIME, Royal Free & University College Medical School
"A CAT scan should take less time than a PET scan.  For a CAT scan,
  they're only looking for one thing, whereas a PET scan could result in
  a lot of things."    - Carl Princi, 2002/07/19

More information about the MailScanner mailing list